Discuss SQL injection attack and XSS attack in php
- 2020-05-17 04:58:11
- OfStack
For example: SQL injection attack
XSS attack
There have been many articles about the SQL attack and various anti-injection scripts, but none of them address the underlying problem of SQL injection
See the code:
Very simple 1 piece of code, the function is used to detect the user name or password is correct, but in 1 malicious attacker submitted 1 sensitive code. There are two ways for post to judge an injection.
1. Enter "or '1'=1" or "and 1=1" in the text field of the form form
In the query database statement should be:
SELECT admin where login =' user '= 'or '1'=1' or' pass '= 'xxxx'
Of course, there is no error, because or stands for and, or in sql's language. Of course, you'll also get errors.
We found that we could execute the SQL statement and then query all the information about the current table. For example: the correct administrator account and password for login intrusion.
Repair method 1:
Use javascript script to filter special characters (not recommended, not targeted)
If an attacker has disabled javascript, you can still perform an SQL injection attack.
Repair method 2:
Use mysql's built-in functions for filtering.
See the code:
Since e we talked about the xss attack, let's talk about the XSS attack and prevention.
Submit form:
Receiving file:
Very simple 1 piece of code, here just simulated the use of the scene.
Join the attacker to submit
< script > alert(document.cookie); < /script >
The returned page should display the cookie information for the current page.
We can apply this to some message boards (which are not filtered in advance) and then steal COOKIE information when the administrator is reviewing the message and send it to the attacker's space or mailbox. An attacker can use the cookie modifier to log in.
Of course, there are many solutions. Here's one of the most common.
Fix 1: escape using javascript
Fix 2: escape using the php built-in function
The code is as follows:
[code]
if(empty($_POST['sub'])){
$str=$_POST['test'];
htmlentities($srt);
echo $srt;
}
[html]
All right, so much for the SQL injection attack and XSS attack cases and fixes.
There are other solutions, of course:
For example, use the php framework
There are other ways. Of course, XSS is used and attacked in many ways. This paper only filters the submission method of php, and there are other reasons to study by yourself
Aey uhost team(team.hake.cc).
y0umer
2012/6/7
XSS attack
Arbitrary execution code
File include and CSRF.
}
There have been many articles about the SQL attack and various anti-injection scripts, but none of them address the underlying problem of SQL injection
See the code:
<?php
mysql_connect("localhost","root","123456")or die(" Database connection failed !");
mysql_select_db("test1");
$user=$_post['uid'];
$pwd=$_POST['pass'];
if(mysql_query("SELECT * from where
admin
= `username`='$user' or `password`='$pwd'"){
echo " User logged in successfully ..";
} eles {
echo " User name or password error ";
}
?>
Very simple 1 piece of code, the function is used to detect the user name or password is correct, but in 1 malicious attacker submitted 1 sensitive code. There are two ways for post to judge an injection.
1. Enter "or '1'=1" or "and 1=1" in the text field of the form form
In the query database statement should be:
SELECT admin where login =' user '= 'or '1'=1' or' pass '= 'xxxx'
Of course, there is no error, because or stands for and, or in sql's language. Of course, you'll also get errors.
We found that we could execute the SQL statement and then query all the information about the current table. For example: the correct administrator account and password for login intrusion.
Repair method 1:
Use javascript script to filter special characters (not recommended, not targeted)
If an attacker has disabled javascript, you can still perform an SQL injection attack.
Repair method 2:
Use mysql's built-in functions for filtering.
See the code:
<?php
// Omitting operations such as connecting to a database.
$user=mysql_real_escape_string($_POST['user']);
mysql_query("select * from admin whrer `username`='$user'");
?>
Since e we talked about the xss attack, let's talk about the XSS attack and prevention.
Submit form:
<form method="post" action="">
<intup tyep="text" name="test">
<intup tyep="submit" name="sub" value=" submit ">
</form>
Receiving file:
if(empty($_POST['sub'])){
echo $_POST['test'];
}
Very simple 1 piece of code, here just simulated the use of the scene.
Join the attacker to submit
< script > alert(document.cookie); < /script >
The returned page should display the cookie information for the current page.
We can apply this to some message boards (which are not filtered in advance) and then steal COOKIE information when the administrator is reviewing the message and send it to the attacker's space or mailbox. An attacker can use the cookie modifier to log in.
Of course, there are many solutions. Here's one of the most common.
Fix 1: escape using javascript
Fix 2: escape using the php built-in function
The code is as follows:
[code]
if(empty($_POST['sub'])){
$str=$_POST['test'];
htmlentities($srt);
echo $srt;
}
[html]
All right, so much for the SQL injection attack and XSS attack cases and fixes.
There are other solutions, of course:
For example, use the php framework
There are other ways. Of course, XSS is used and attacked in many ways. This paper only filters the submission method of php, and there are other reasons to study by yourself
Aey uhost team(team.hake.cc).
y0umer
2012/6/7